==== Required information ====
- iRedMail version (check /etc/iredmail-release): v0.9.6
- Linux/BSD distribution name and version: Ubuntu Xenial
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? - no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Ok, probably a dumb Q, but how do I go about securing a subdirectory from being accessible to anything other than local service?

I have added a webservice with root at /var/www/html/URLroot which has a subdirectory located at URLroot/data.  This needs to be made unavailable to the network.  I have tried a few things, but I am not really that great with Apache and I am not really too clear how the .htaccess / conf-available / conf-enabled files all interoperate and work - or exactly what symlinks I need to create.  I tried moving the /data directory, but that was not successful.  I also tried (stabbing the dark) to replicate the information contained in the roundcubemail related files in the conf-enabled and conf-available directories but the symlink issue was at least one problem (ie not sure what to link to where) ... that an my more general ignorance to be fair.  The .htaccess file in the subdirectory already has a 'deny from all' entry, but that is not working so I need something involving the directives really - but not too sure how to do that.

Given the complexity of the iredmail file structure I'd rather not break it all.   

Pointing me in the right direction/suitable resource would be much appreciated.  An idiot's guide would be most helpful as that is pretty much what I am :-)

Thank you